DNS - Domain Computers Never Appear?

Hi There...

I'm trying to debug a problem with a small 1 DC/DNS network that I've inherited. However, I'm not that fluent in the way 2003 does DNS. I've read the 70-291 material relating to DNS and I'm still having this issue.

Basically, in the forward lookup zones for the domain, none of the domain computers show up. They don't update their own A records. We can't ping from machine to machine. Each computer only knows the name and address of the DNS server from a host record. The DC/DNS machine is the first DNS server being used. Group Policies apply ok on older machines, but new machines can't join the domain (even if they get the host record for the DC/DNS machine). They are all on the same ethernet and ip subnet, and can ping the DC.

So my questions are:
1. How come hosts don't show up in DNS zones? What should I check to debug this?
2. Is there any obvious reason why new machines wouldn't be able to join the domain? They simply can't find the DC. I've checked the SRV records and they appear to be right. dcdiag /fix doesn't help.

Anyone have any advice?

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

undomiel

Well for a start you can try netdiag from the XP SP2 Support Tools. Try running netdiag /v and see if it will tell you anything. You can also try netdiag /fix to see if it will fix anything though I've never seen it do so. It also probably wouldn't hurt to run the tool on your DC. Do you have problems with static IP settings to ping to the computers? Is nslookup able to connect to the DNS server?

http://www.microsoft.com/downloads/details.aspx?familyid=49ae8576-9bb9-4126-9761-ba8011fabf38&displaylang=en

sprkymrk

Restaring the netlogon service on the DC should cause it to renew it's SRV record, you can try that a couple of times (I've had it take up to 3 times to correctly register before).

When you join the domain, are you using the FQND as in my.domain.name.com?

Are you running DHCP? The DHCP server should update your clients A records for you if configured with defaults. If your clients are hard-coded with IP addresses, try enabling "Netbios over TCP/IP" on the WINS tab.

motherwolf

If you're using XP clients, turn off the built-in firewall and see if you can ping from machine to machine. I'm assuming you're using static addresses so make sure your TCP/IP settings are correct on the clients and that they're pointing to the DNS server's IP when attempting to join the domain. Try going to a command prompt on the clients and doing an ipconfig /registerdns. Here's a link with some more things to try.

http://207.46.196.114/windowsserver/en/library/1583e419-88a6-4062-8807-d9eea99e3b421033.mspx?mfr=true

SWM

Are your workstations using the DC as there DNS server. Seen many networks where the clients have the ISP DNS details and as a result can browse the web OK but have trouble logging in and huge issues joining the domain.

hypnotoad

Not using DHCP. Can ping from machine to machine by IP, not name.

I did try enabling Netbios over TCP/IP and then ipconfig /registerdns -- no results. Also tried allowing dynamic updates in non-secure mode with no results.

undomiel

Have you ever statically set any DNS via Group Policy? If you did that would override setting it manually at the machines and further more would only show up if you inspected the group policies on the machine, not the ip config or the local policies. If that's not interfering then check firewalls to see if they're in the way. Did netdiag give you any clues both on the workstations and the server?

Technowiz

First thing I'm wondering is why you are using the HOSTS file to specify the DNS server? I would take that entry out and specify the DNS server in TCP/IP properties. Then see if you can ping the DNS server by IP address and then name. If you can't resolve the DNS server by its FQDN ie dns1.domain.com, then I would be looking at the configuration of my DNS server.

Once you establish connectivity and name resolution for the DNS server itself you can move on to the issue of getting computers to register with the DNS server. You said you are not using DHCP, but I believe it is the DHCP client service on each client that performs DNS registration. You can also try forcing a host computer to update with the DNS server with ipconfig /registerdns. That can help you narrow down where the problem is depending on if it works or not. Keep us updated!

Sie

Point the DNS Server towards the Client so they can 'see each other'

Where as if you actually want something that works try the above

I would update the TCP/IP DNS properties first and remove the HOST file entry.

You can check the GPO's applied using RSoP snap-in.

What are the clients? XP / 98 ? ?

Mishra

By the way... The only way to specify a DNS server in TCP/IP properties in by IP.

I assume he already has that configured. You can check by doing an ipconfig /all and looking at the DNS server.

hypnotoad

Netdiag's shows all passes. No GP is being used for any network properties - just a printer map script or two (these surprisingly work on the existing domain machines) - but no machines show up in the DNS console for the domain's zones. Manually creating A records seems to work, but doesn't help joining the domain. The server's DNS entry is itself.

DNS and DC are on one server -- IP 172.16.0.2, hosts entry on each XP client (only XP pro) is:
172.16.0.2 theserver

So basically, in the clients, the following are statically assigned:
ip - 172.16.0.0 /16
gateway - 172.16.0.1
suffix: companyname
dns servers: 172.16.0.2 & ISP's server

I guess it's hard to say why DNS is broke. The server is authorative for the zone the domain is in. The srv records all appear to be there. It is doing recursive lookups. It's all one LAN segment. We are debating blowing the client's domain away and re-creating it with at least 2 servers, since it seems to be kind of messed up at the moment

Technowiz

The DNS suffix on your clients needs to match the name of your forward lookup zone. In your last post you said suffix: companyname. If the name of your forward lookup zone is companyname.com or companyname.local and the DNS suffix on your clients is just companyname that is going to cause you some problems. They need to be the same.

Are you able to resolve the name of your DNS server from a client machine?

sprkymrk

I would try removing the ISP DNS from the clients and make sure the ISP DNS is ONLY listed on your DNS server as a forwarder.

The hosts entry on your clients won't do any good. You could try an LMHOSTS entry (remember to remove the .sam extention and save it as LMHOSTS only). It should look like this:

172.16.0.2	Servername	#PRE #DOM:domain
172.16.0.2	"DOMAIN         \0x1b" #PRE

There should be exactly 15 characters in your domain name from the first double quote to the backslash. Use spaces as needed.

Mishra

I would look for DNS errors in the event log.

Did you try sprkymrk's saying "When you join the domain, are you using the FQND as in my.domain.name.com? " Make sure you have your A record for the DNS server actually listed in the zone.

For the domain joining problem: I would remove your host entry all together and let DNS happen since you say manually adding records fixes DNS not resolving.